Profile
The ONLY real security a person can have in this world = A reserve of knowledge, intent, experience, ability & action
We must NOT only learn but adapt!
There is NO answer, but ONLY solutions
My Beliefs & Mottos
Think Global, Act Local
You can NOT gain ground if you are standing still!

The Problem: Internet = a hostile network like the wild-west WITHOUT a sheriff!

Cyber Security Risks come from:

Cyber Security Risks Types:

Some of Today's Alerting Facts (1/2): Statistics as of 21 Jan
DNS, long believed to be a solid backbone of Internet Security, has severe flaws. In April 2009, The Internet was about to shut down due to that. Thanks to Dan Kaminsky.
Despite DNS being deployed for a decade so far, 80% of global Government Web Sites misconfigure DNS Security! For Private.COM, the related skills are badly needed.
DNSSEC (The ONLY viable Solution to DNS threats) is rarely deployed on Country-Level Domains and postponed for Top-Level Domains to end 2010 / Early 2011, as hoped! (Please see my accompanying DNSSEC Slides.)
Companies fight an ENDLESS war against computer Attacks, as Hackers are getting stronger with sophisticated composite means. They have started to use a technique which leaves NO trace to follow. Also, whenever an adaptive standardized protection scheme is used by many, the Attacks become more probable!
There are continuous changes in the Threat schemes. E.g. DDoS (Distributed Denial of Service) Attacks are back, stronger & more diverse.
With Facebook (& other Social Networking Sites), the problem gets worse, as personal data are susceptible to fraud.

What to do when you know the following facts:
Every 20 Minutes of any Attack needs 36 Hours of analysis ONLY by the best internationally-recognized security experts!
When the Attack analysis is done and the counter-measures are being prepared for launch, the Attack method will most probably have been changed by the Attackers!
The current Internet is facing 2 Major flaw issues (Security-Wise):
1. A near depletion (ONLY 9% left on a global level) of the current version (IPv4) of the Internet Operational Protocol. The complete depletion will be somewhere in time between as expected. IPv6 is the ONLY coming solution for IPv4 Scarcity & Security, especially with the gradually converging worlds of Telecommunications + Internet.
2. Hijacking of DNS. DNSSEC is the ONLY way ahead.
While other countries (USA, EU, China, South East Asia, Latin America) have started rushing to overcome (1) & (2) by deploying IPv6 & DNSSEC gradually, our region is still ONLY in the baby steps of related awareness! ONLY Africa is behind us!

ONLY 9% of useable IPv4 address spaces are available

Know your enemy: Attacks Strategy
Step 1: Disorganize and disrupt transportation networks. Railway, air control, road traffic lights, communication networks
Step 2: Attacks against the financial systems and against the communications networks. Stock market exchange, telephone networks
Step 3: Attacks against resources and services distribution. Water supply, gas distribution, nuclear plants, electricity
Hint 1: Did you know that the Internet Revolution has NOT started yet? With Internet 2, IPv6, NGN & Mobile-Internet Convergence SOON AHEAD, are you ready & prepared for what the new Attacks could be?
Hint 2: The power of a country lies in its ability to impose Security Standards + be Promptly Receptive to Counter-Measures Reactions.

Cyber Security Challenges (2/3)
The main challenge for national criminal legal systems is the delay between the recognition of potential abuses of new technologies & the necessary amendments to the national criminal law.
Law-Makers must continuously respond promptly to Internet developments & monitor the effectiveness of existing provisions.
Specific departments are needed within national law enforcement agencies, which are qualified to investigate potential Cyber Crimes:
Computer Emergency Response Teams (CERTs)
Computer Incident Response Teams (CIRTs)
Computer Security Incident Response Teams (CSIRTs)
The identification of gaps in the penal code. What is considered an ICT crime in one country may NOT be in another. WITHOUT the international harmonization of national criminal legal provisions, the fight against Trans-National Cyber Crimes runs into incompatible national legislations.
Developing the right procedures for collecting, analyzing & law-effecting the Digital Evidence.

So: What Are Our Priorities? (1) An Eye on the World:
Be closely aware of What's Happening internationally on the Technical, Policies, Implementations & Deployments Tracks: IPv6, DNSSEC, Cyber Agendas, Security Advances.
See how related International Expertise is reacting towards needs.
Domestic problems are linked to other parts of the world.
With the rapid development of globalization, predicting international instability & then achieving international security are becoming increasingly difficult.
NO country can act alone.
Transfer International expertise to our region as appropriate.

So: What Are Our Priorities? (2) A 2nd Eye locally:
Attract attention and commitment from Government (politics) & Administration on Information Security.
Support Administration actions when building capability.
Create a structured market for professionals & industry.
The Up-Bottom change scheme, in our region, has the fastest track. Local Governments' Policy Makers & Decision Makers are the 1st target to be approached.
Start small locally and then grow regionally. When Governments' Potentials take the lead, things will go smoother & faster.
Lobby a campaign of multi-stakeholders for awareness, study groups, etc.
See what local Cyber Security Models exist. What Works?
Coordinate Regional Collaborations. Integration is better than Differentiation. Defragmentation is the current scenery!

Our Security Tasks Sets: (2) Establish Work Groups
WG: Goal Description
Standards: Define a list of Information Security Standards to be adopted by the Administration. Support creating an Information Security System scheme. Support the experts representing all the international standardization bodies.
Legal: Identify the weaknesses in the legal context. Propose necessary evolution to appropriate actors.
Education & Research: Education = Propose a common official program for universities & High Schools (+ secondary schools). Research = coordinate the activities.
CERT: Establish a country Computer Emergency Response Team.
Awareness: Identify audience and messages. Prepare and launch campaigns.
Agency: Help create a country Information Security Agency to provide strategy and coordination.
